Hi everyone,
I don't know whether you are already using this tool, but it seems so complete to me that I'm going to share it.
Pac4Mac is a tool for extracting and analysing information from a Mac OS X system (that is, for doing a proper forensic examination of it). It is also released under an Apache License 2.0.
Here are Pac4Mac's features:
• Developed in Python 2.x (natively supported)
• Framework usage
• Support of OS X 10.6, 10.7, 10.8 and 10.9 (not tested)
Data extraction through:
• User or Root access
• Single Mode access
• Target Mode access (Storage media by Firewire or Thunderbolt)
It uses 3 dumping modes: Quick, Forensics, Advanced:
• Dumping Users / User Admin
• Dumping Mac's Identity (os version, owner)
• Dumping Miscellaneous files (Address book, Trash, Bash history, stickies, LSQuarantine, AddressBook, Safari Webpage Preview, Office Auto Recovery, WiFi access history, ...)
• Dumping content of current Keychain (security cmd + securityd process)
• Dumping Users Keychains
• Dumping System Keychains
• Dumping password Hashes
• Live Cracking of password hashes
• Dumping Browser Cookies (Safari, Chrome, Firefox, Opera)
• Dumping Browser Places (Safari, Chrome, Firefox, Opera)
• Dumping Browser Downloads history (Safari, Chrome, Firefox, Opera)
• Dumping printed files
• Dumping iOS files backups
• Dumping Calendar and Reminders / Displaying secrets
• Dumping Skype messages / Displaying secrets on demand
• Dumping iChat, Messages(.app), Adium messages
• Dumping Emails content (only text)
• Dumping Emails content of all or special Mail Boxes
• Adding root user
• Dumping RAM
• Cloning local Disk
• Dumping system logs, install, audit, firewall
DMA access features (exploitation of Firewire and Thunderbolt interfaces)
• Unlock or bypass by writing into RAM
• Dumping RAM content
• Exploit extracted data (see Analysis module)
Analysis module in order to easily exploit extracted data by one of dumping modes
• Exploit Browser History x 4 (Displaying recordings, Local copy for usurpation)
• Exploit Browser Cookies x 4 (Displaying recordings, Local copy for usurpation)
• Display Browser Downloads x 4 (Displaying recordings)
• Exploit Skype Messages (Displaying/Recording all recorded messages, with secret information or containing a special keyword)
• Exploit iChat, Messages(.app), Adium messages (in the next version)
• Exploit Calendar Cache (Display/Recording all recorded entries, with secret information or containing a special keyword)
• Exploit Email Messages (Displaying/Recording all recorded messages, with secret information or containing a special keyword)
• Exploit RAM memory Dump (Searching Apple system/applications/Web Passwords)
• Exploit Keychains (Display Keychain content, Crack Keychain files)
• Crack Hashes passwords
• Exploit iOS files (Accessing to iPhone without passcode, reading secrets through iTunes backups)
• Display Stickies Widgets
• Display Printed Documents
• Display prospective passwords (displaying all found passwords during dump and analysis phases)
Etc.
More information:
Source code:
And a small gift for those of you who have read the whole post: here you have all the TIPS that were used to extract and analyse the information for this tool:
I hope you like it as much as I do.
Regards.
Albert.
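A defender-side illustration of what one of the artefacts in the list above (the LSQuarantine database) gives an analyst during triage: a timeline of files that arrived on the machine through quarantine-aware applications, with the downloading application and the source URL or mail sender. This is an added example written for this post, not code from Pac4Mac or from its author; the table name and column layout of com.apple.LaunchServices.QuarantineEventsV2 are assumed here, the rows are constructed sample data built in memory, and timestamps are converted from Mac absolute time (seconds since 1 January 2001 UTC).

```python
import sqlite3
from datetime import datetime, timedelta, timezone
from os.path import splitext
from urllib.parse import urlparse

# Mac absolute time counts seconds since 2001-01-01 00:00:00 UTC.
MAC_EPOCH = datetime(2001, 1, 1, tzinfo=timezone.utc)

# Assumed layout of the LSQuarantineEvent table in
# com.apple.LaunchServices.QuarantineEventsV2 (an assumption of this example).
SCHEMA = """
CREATE TABLE LSQuarantineEvent (
    LSQuarantineEventIdentifier       TEXT PRIMARY KEY NOT NULL,
    LSQuarantineTimeStamp             REAL,
    LSQuarantineAgentBundleIdentifier TEXT,
    LSQuarantineAgentName             TEXT,
    LSQuarantineDataURLString         TEXT,
    LSQuarantineSenderName            TEXT,
    LSQuarantineSenderAddress         TEXT,
    LSQuarantineTypeNumber            INTEGER,
    LSQuarantineOriginTitle           TEXT,
    LSQuarantineOriginURLString       TEXT,
    LSQuarantineOriginAlias           BLOB
);
"""

# Constructed sample rows (not real data); timestamps are seconds since MAC_EPOCH.
SAMPLE_ROWS = [
    ("EVT-0001", 400000000.0, "com.apple.Safari", "Safari",
     "https://example.com/files/report.pdf", None, None, 0,
     "Example downloads", "https://example.com/downloads", None),
    ("EVT-0002", 400003600.0, "com.apple.Safari", "Safari",
     "https://cdn.example.net/setup/installer.dmg", None, None, 0,
     "Example CDN", "https://example.net/get", None),
    ("EVT-0003", 399990000.0, "com.apple.mail", "Mail",
     "invoice.zip", "Bob", "bob@example.org", 2, None, None, None),
]


def mac_absolute_to_datetime(seconds):
    """Convert a Mac absolute-time value to an aware UTC datetime."""
    return MAC_EPOCH + timedelta(seconds=seconds)


def build_sample_db():
    """Create an in-memory copy of the quarantine database from SAMPLE_ROWS."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany(
        "INSERT INTO LSQuarantineEvent VALUES (?,?,?,?,?,?,?,?,?,?,?)", SAMPLE_ROWS
    )
    conn.commit()
    return conn


def quarantine_timeline(conn):
    """Return every quarantine event as a dict, oldest first."""
    cur = conn.execute(
        """SELECT LSQuarantineTimeStamp, LSQuarantineAgentName,
                  LSQuarantineDataURLString, LSQuarantineOriginURLString,
                  LSQuarantineSenderName, LSQuarantineSenderAddress
           FROM LSQuarantineEvent
           ORDER BY LSQuarantineTimeStamp ASC"""
    )
    events = []
    for ts, agent, data_url, origin_url, sender_name, sender_addr in cur:
        events.append({
            "time": mac_absolute_to_datetime(ts).isoformat(),
            "agent": agent,
            "url": data_url,
            "origin": origin_url,
            "sender": f"{sender_name} <{sender_addr}>" if sender_addr else None,
        })
    return events


def downloads_with_extension(events, extensions=(".dmg", ".pkg", ".app", ".zip")):
    """Keep only timeline entries whose downloaded file has one of the extensions."""
    wanted = tuple(e.lower() for e in extensions)
    hits = []
    for ev in events:
        url = ev["url"] or ""
        path = urlparse(url).path or url  # bare file names have no scheme
        if splitext(path)[1].lower() in wanted:
            hits.append(ev)
    return hits


if __name__ == "__main__":
    timeline = quarantine_timeline(build_sample_db())
    for ev in timeline:
        print(ev["time"], ev["agent"], ev["url"], ev["origin"] or ev["sender"] or "")
    print("installer/archive downloads:", len(downloads_with_extension(timeline)))
```

On a real image, open the copied QuarantineEventsV2 file instead of the in-memory database; the timeline is the same query, and the extension filter is a quick way to pull installers and archives out of a long download history for closer inspection.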